adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

7179 Commits

Author SHA1 Message Date
Martin Sutovsky 282d0f7820 Refactor docs 2025-05-21 16:48:54 +02:00
Valentin Lobstein e5bbc01e78 Update invision_customcss_rce.md 2025-05-21 08:38:36 +02:00
Chocapikk 28b7c7f786 Add Invision Community 5.0.6 customCss RCE (CVE-2025-47916) 2025-05-20 18:33:06 +02:00
Chocapikk 70d5fb4b65 Move from scanner to gather 2025-05-19 17:52:00 +02:00
msutovsky-r7 561eef98c1 Land #20188, adds module for CVE-2024-7399 Samsung MagicINFO 9 Server 
Samsung MagicINFO 9 Server RCE (CVE-2024-7399) Module
 2025-05-19 09:49:09 +02:00
Martin Sutovsky 070bd54d33 Addressing comments 2025-05-19 07:17:14 +02:00
mariomontecatine 8cde1bab78 Documentation for ipv6_multicast_ping.md 2025-05-18 04:31:03 -04:00
Spencer McIntyre 57c69049f7 Merge pull request #20175 from smashery/ruby-kerberoasting 
Ruby kerberoasting
 2025-05-16 10:28:52 -04:00
Brendan 76471731f9 Merge pull request #20112 from cdelafuente-r7/mod/ivanti/rce/cve_2025_22457 
Ivanti Connect Secure Unauthenticated RCE via Stack-based Buffer Overflow CVE-2025-22457
 2025-05-15 11:44:49 -05:00
msutovsky-r7 c598d8b4b0 Land #20020, adds module for Nextcloud Workflow Remote Code Execution 
Add exploit module for the nextcloud workflow vulnerability CVE-2023-26482
 2025-05-15 12:31:51 +02:00
Christophe De La Fuente 365caab8fc Update the error message in case of Broken pipe error and update the documentation 2025-05-15 12:10:53 +02:00
msutovsky-r7 e3649b31fe Land #20123, adds module for path traversal and credential harvester in PowerCom UPSMON Pro 
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121) Module
 2025-05-15 07:23:07 +02:00
Chocapikk 75a3fa7ad7 Add CVE-2025-27007 in existing exploit(multi/http/wp_suretriggers_auth_bypass) module 2025-05-14 19:29:03 +02:00
Chocapikk 1888abaa4d Add WP Depicter Plugin Unauth SQL Injection (CVE-2025-2011) 2025-05-14 15:54:40 +02:00
whotwagner 2259de33c1 Fixed a txpo in nextcloud_workflows_rce.md 2025-05-14 13:40:47 +00:00
msutovsky-r7 fe5f56cac0 Land #20159, adds module for privilege escalation in Wordpress (CVE-2025-2563) 
Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)
 2025-05-14 15:33:30 +02:00
msutovsky-r7 7d8d0230cb Land #20026, adds module for CVE-2024-57487 
New Exploit Module & Documentation for CVE-2024-57487
 2025-05-14 08:00:20 +02:00
Chocapikk e335841bb0 Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563) 2025-05-13 21:42:09 +02:00
Brendan cb6495e5bc Merge pull request #20146 from Chocapikk/wp_suretriggers_auth_bypass 
Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102)
 2025-05-13 10:53:44 -05:00
whotwagner 09aaf5865c Rearranged code and removed wait_for_payload_session 2025-05-13 13:48:56 +00:00
jenkins-metasploit e819362398 automatic module_metadata_base.json update 2025-05-13 13:45:30 +00:00
Brendan 5faa0a5b6b Merge pull request #19777 from msutovsky-r7/linqpad_deserialization 
Linqpad deserialization persistence
 2025-05-13 08:03:30 -05:00
Martin Sutovsky 939d997b8a Adds documentation 2025-05-13 14:57:55 +02:00
Ashley Donaldson 806d0ec557 Kerberoasting documentation 2025-05-13 18:26:25 +10:00
Ashley Donaldson 6d3fc7b732 Neatening kerberoasting modifications 2025-05-13 18:26:25 +10:00
msutovsky-r7 3af76cfa00 Renames incorrect option in documentation 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-05-13 06:30:00 +02:00
msutovsky-r7 8c647cd1ad Land #20118, changes target option for smb_to_ldap module 
Fix the smb_to_ldap module's missing target option
 2025-05-12 09:56:06 +02:00
h4x-x0r e9c88b55f2 cleanup 2025-05-09 22:39:30 +01:00
h4x-x0r 803581ab81 CVE-2024-7399 2025-05-09 17:27:22 +01:00
h4x-x0r 1cc0269edf more versions tested 2025-05-07 18:05:57 +01:00
h4x-x0r b5989070d0 path update 2025-05-07 18:05:04 +01:00
h4x-x0r 9ab2acc50f updated 2025-05-07 18:03:58 +01:00
Chocapikk 4d0c7bb71a Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102) 2025-05-07 17:45:30 +02:00
h4x-x0r 60668f3e26 CVE-2023-2917 2025-05-07 04:12:53 +01:00
h4x-x0r 8b94a560e7 Adjusted path 2025-05-07 03:53:36 +01:00
h4x-x0r 0491d3894e CVE-2023-2915 2025-05-07 03:45:59 +01:00
h4x-x0r c034c6490c CVE-2023-27856 2025-05-06 20:04:54 +01:00
h4x-x0r 2fdcb46918 CVE-2023-27855 2025-05-06 19:28:58 +01:00
Spencer McIntyre ba9ecec381 Merge pull request #19952 from jheysel-r7/get_naa_creds_via_relay 
Add SMB to HTTP relay support for get_naa_creds
 2025-05-06 10:43:10 -04:00
Martin Sutovsky d16c639278 Adds cleanup option in documentation 2025-05-06 09:07:21 +02:00
Martin Sutovsky 24a86cd74a Refactoring based on comments 2025-05-06 08:43:57 +02:00
Spencer McIntyre 6ab275a120 Remove a couple of debug prints 2025-05-05 10:58:41 -04:00
h4x-x0r 514f51d7dc CVE-2025-2264 
CVE-2025-2264
 2025-05-02 22:56:30 +01:00
h4x-x0r bd11531d4c wrong branch 2025-05-02 22:55:36 +01:00
h4x-x0r 18c34c6bd0 CVE-2025-2264 
CVE-2025-2264
 2025-05-02 22:53:57 +01:00
h00die-gr3y 908094da6b update documentation with privileged escalation to system 2025-05-02 20:59:07 +00:00
h00die-gr3y 1c5be6154a second release including Triofox + documentation 2025-05-02 20:42:14 +00:00
jheysel-r7 90417306bb Merge branch 'master' into add-opnsense-login-scanner 2025-05-02 07:20:01 -07:00
jheysel-r7 4b9032a487 Merge pull request #20060 from mekhalleh/rce_cve-2025-21293 
Added exploit module for CVE-2025-32433 (Erlang/OTP)
 2025-05-02 07:05:30 -07:00
jheysel-r7 c47c9b95fd Merge branch 'master' into get_naa_creds_via_relay 2025-05-01 20:33:35 -07:00